The Ryuk ransomware operators have organized one of the most prevalent threat groups over the past year. Recent research shows how their methods are advancing.
The operators have shown a preference for hosts with exposed remote desktop connections, and they use phishing emails as an initial entry point to deliver their malware. To find and exploit these exposed RDP hosts, Ryuk ransomware operators are using brute force and spray-and-pray tactics. They have also been observed using the BazaCall campaign to spread malware through call centers, where targeted entities are directed to open Excel documents containing malware.
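One way a defender could surface the RDP guessing described above from failed-logon records, as an added example that is not SpearTip's or ShadowSpear's code. The record layout, the thresholds and the reading of "spray-and-pray" as a few guesses spread across many accounts or hosts are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
BRUTE_MIN = 8                    # assumed: failures against one account
SPRAY_MIN = 5                    # assumed: distinct accounts or hosts tried
# Failed RDP logons are Event ID 4625 with LogonType 10, or 3 when NLA is on
# (type 3 also covers other network logons such as SMB, so expect noise).
RDP_LOGON_TYPES = {"3", "10"}

def sample_log():
    """Constructed records: time,event_id,logon_type,source_ip,user,host."""
    rows = [f"2024-01-05T02:0{i // 2}:{i % 2 * 30:02d},4625,10,203.0.113.7,administrator,RDP01"
            for i in range(10)]                       # many guesses, one account
    users = ["alice", "bob", "carol", "dave", "erin", "frank"]
    rows += [f"2024-01-05T03:0{i}:00,4625,3,198.51.100.9,{u},RDP0{i % 2 + 1}"
             for i, u in enumerate(users)]            # one guess each, many accounts
    rows += ["2024-01-05T09:00:00,4625,10,192.0.2.20,alice,RDP01",   # user typo
             "2024-01-05T09:00:20,4625,10,192.0.2.20,alice,RDP01",
             "2024-01-05T09:01:00,4624,10,192.0.2.20,alice,RDP01"]   # success, ignored
    return "\n".join(rows)

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user, host = line.split(",")
        if event_id == "4625" and logon_type in RDP_LOGON_TYPES:
            yield datetime.fromisoformat(ts), ip, user.lower(), host

def detect(text):
    """Return {source_ip: [labels]} for sources crossing either threshold."""
    by_source = defaultdict(list)
    for ts, ip, user, host in sorted(parse(text)):
        by_source[ip].append((ts, user, host))
    findings = {}
    for ip, events in by_source.items():
        labels, start = set(), 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > WINDOW:     # slide the window forward
                start += 1
            window = events[start:end + 1]
            per_user = Counter(user for _, user, _ in window)
            hosts = {host for _, _, host in window}
            if max(per_user.values()) >= BRUTE_MIN:
                labels.add("brute_force")
            if max(len(per_user), len(hosts)) >= SPRAY_MIN:
                labels.add("spray")
        if labels:
            findings[ip] = sorted(labels)
    return findings

if __name__ == "__main__":
    print(detect(sample_log()))
```

Tune the window and thresholds against your own baseline of failed logons before alerting on them.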
Ryuk ransomware operators then conduct reconnaissance in two phases. First, they find out where the most valuable data and information is located within a compromised environment. Second, they find out the yearly revenue of their victim to ensure the ransom they demand is feasible for that particular organization. Further steps involve using Cobalt Strike to expose general antivirus and endpoint detection and response tools, which helps Ryuk evade them.
More recent techniques show the operators utilizing KeeThief, an open-source tool that can extract credentials from password managers. KeeThief extracts vital information from the memory of a running process with an unlocked database. When the operators are able to obtain the credentials of local administrators, they can work their way around defenses controlled by those administrators.
Ryuk’s operators mainly exploit older vulnerabilities that have available patches. Engaging with a security firm such as SpearTip will allow your organization to stay ahead of these threats with patch management and continuous monitoring. Our certified engineers work around the clock to make sure our clients and partners are protected from malicious cyber threats. Not only can we respond to threats instantly, but we can spot them and neutralize them before they do any harm to your business. Ryuk’s techniques are ever-evolving, so defenses have to evolve simultaneously, and our team takes pride in learning every day to mitigate these threats.
Our team will continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.
If you think your organization has been breached, call our Security Operations Center at 833.997.7327.
©2024 SpearTip, LLC. All rights reserved.